CVE-2026-30247

{"id": "CVE-2026-30247", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-07T04:15:54.560", "references": [{"url": "https://github.com/Tencent/WeKnora/security/advisories/GHSA-595m-wc8g-6qgc", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's \"Import document via URL\" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive URL validation (blocking private IPs, loopback addresses, reserved hostnames, and cloud metadata endpoints), it fails to validate redirect targets. An attacker can bypass all protections by using a redirect chain, forcing the server to access internal services. Additionally, Docker-specific internal addresses like host.docker.internal are not blocked. This issue has been patched in version 0.2.12."}, {"lang": "es", "value": "WeKnora es un framework impulsado por LLM dise\u00f1ado para la comprensi\u00f3n profunda de documentos y la recuperaci\u00f3n sem\u00e1ntica. Antes de la versi\u00f3n 0.2.12, la caracter\u00edstica 'Importar documento v\u00eda URL' de la aplicaci\u00f3n es vulnerable a la falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) a trav\u00e9s de redirecciones HTTP. Aunque el backend implementa una validaci\u00f3n exhaustiva de URL (bloqueando IPs privadas, direcciones de bucle invertido, nombres de host reservados y puntos finales de metadatos en la nube), no logra validar los objetivos de redirecci\u00f3n. Un atacante puede eludir todas las protecciones mediante el uso de una cadena de redirecci\u00f3n, forzando al servidor a acceder a servicios internos. Adem\u00e1s, las direcciones internas espec\u00edficas de Docker como host.docker.internal no est\u00e1n bloqueadas. Este problema ha sido parcheado en la versi\u00f3n 0.2.12."}], "lastModified": "2026-03-11T19:22:24.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tencent:weknora:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B86D061-D1A8-438E-802E-D5408C339349", "versionEndExcluding": "0.2.12"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}